Running Linux on ResNet
Before attempting to connect your Linux machine to the ResNet DHCP
server you need to understand that if you have problems connecting
your machine, the Student Computing Assistants (SCAs) may not be
able to help you. To this end, we recommend you run a commercial
release of Linux (from RedHat, Debian, Slackware, etc.).
Before Following This Guide
Before you go through this guide it is assumed that you have already
installed an ethernet adapter in your machine and it is working
with your Linux kernel. The ethernet cards are available from the
NAU Bookstore. For information on getting the ethernet card to work
with your Linux kernel, look at the Kernel-HOWTO and Ethernet-HOWTO
guides from Sunsite.
Getting Your Ethernet Address
Before you can register for an IP address with the ResNet DHCP
server, you will need to determine the address of your ethernet
adapter. In most Linux releases you can do this by issuing the following
command (you may need to be logged in as root to execute this command):
cat /var/log/syslog | grep eth0
The output from this command should look something like the following:
soap kernel: loading device 'eth0'...
soap kernel: eth0: 3Com 3c905 Boomerang 100baseTx at 0x7f00, 00:60:08:3b:57:72, IRQ 11
or
foobar kernel: NE*000 ethercard probe at 0x6100: 00 a0 21 43 cf 90
foobar kernel: eth0: NE2000 found at 0x6100, using IRQ 11.
Your ethernet address will be something similar to 00:60:08:3b:57:72
from the first example or 00 a0 21 43 cf 90 from the second example.
You should write this down and keep it at hand.
Get the DHCP Client
You need the DHCP client daemon for Linux so that the ResNet DHCP
server can issue your machine an IP address. You can download this
from any of the following ftp sites (the latest version as of this
document is 1.3.18):
ftp://ftp.cdrom.com/pub/linux/sunsite/system/network/daemons
ftp://sunsite.unc.edu/pub/Linux/system/network/daemons
ftp://ftp.cc.gatech.edu/Linux/system/network/daemons
The package you download will be something like dhcpcd-0.70.tar.gz.
You will need to extract this. Run the following command:
tar xvzf dhcpcd-1.3.18-pl3.tar.gz
This will create a subdirectory with everything in it you need.
Next, go into the newly created directory and install the package
(you will need to be root to perform these operations) by issuing
the following commands:
cd dhcpcd-1.3.18-pl3
make install
The installation procedure will create the /etc/dhcpc directory
where the configuration information will be stored and the installation
will place the necessary binaries into the /usr/sbin directory.
/etc/HOSTNAME or /etc/hostname
If you are running a BSD flavor of Linux (such as Slackware) you
will have an /etc/HOSTNAME file. If you are running a System V flavor
(such as RedHat or Debian) you will have an /etc/hostname file.
The contents of the two files are the same. This file contains a
single line, with a single word on it. This is the name of your
machine without any domain information. For example, the file would
contain:
soap
if the name of your machine was soap (or soap.resnet.nau.edu).
/etc/rc.d/rc.inet1
The following section is only for BSD flavors (Slackware). You
will need to change your rc.inet1 file. First make a backup:
cd /etc/rc.d
mv rc.inet1 rc.inet1-orig
Next, create a new file with the following information:
#!/bin/sh
#
# rc.inet1 This shell script boots up the base INET system
#
# Read the machine name (no spaces are allowed around "=" in sh)
HOSTNAME=`cat /etc/HOSTNAME`
# Attach the loopback device
/sbin/ifconfig lo 127.0.0.1
/sbin/route add -net 127.0.0.0 netmask 255.0.0.0 lo
# If you have an ethernet connection, use the lines below to configure
# the eth0 interface. If you're only using the loopback or SLIP, do not
# include the rest of the lines in this file.
/usr/sbin/dhcpcd
Save the file and reboot the computer for the changes to take effect.
/etc/resolv.conf
The resolv.conf file is used to specify the nameservers your system
will use. This file exists on both the BSD and System V flavors
of Linux. The DHCP client daemon builds this file automatically,
so we simply need to link the DHCP file into the /etc directory.
The following commands will do this:
cd /etc
mv resolv.conf resolv.conf-orig
ln -sf /etc/dhcpc/resolv.conf /etc/resolv.conf
Having Trouble
If you are still having trouble there are a couple of resources
you can try.
DHCP mini-HOWTO
nau.comp.linux - The newsgroup for Linux here at NAU
Register for ResNet Service
You should now have a live network connection, but your access
is restricted to machines on the NAU campus. For unrestricted access,
you must fill out the online registration form. Go to the ResNet
web site at http://www.nau.edu/resnet/
and follow the Online Registration link.
Securing Your Linux Machine
Before you use the ResNet network, you still need to do some configuring
on your machine. By default most Linux releases install a package
called TCP Wrappers. This package provides controls over what access
your machine provides to other machines on the network. By default
all of the services are turned on. To fix this you need to edit
the file /etc/inetd.conf and comment out most of the services listed.
Any machine attached to the NAU Network must conform to the NAU
Network policy. To this end here is a quick list of services which
are and are not acceptable to run:
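| Service Name | Service Executable | NAU Network Policy |
|---|---|---|
| Telnet | telnetd | OK to run |
| FTP | ftpd | OK to run |
| DHCP (client) | dhcpcd | OK to run |
| SMTP | smtpd | DO NOT RUN! |
| BOOTP | bootpd | DO NOT RUN! |
| ROUTED | routed | DO NOT RUN! |
| DHCP (server) | dhcpd | DO NOT RUN! |
| Port Scanners | | DO NOT RUN! |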
This list does not entitle you to run something simply because
it is not on the don't list. Any service you run must comply with
the NAU Network Usage Policy. The reason for this is that any UNIX
system connected directly to the NAU network is a target for intruders
attempting to illegally access the NAU system. With this in mind,
you should at the minimum enable tcp-wrapper for any services you
run on your machine, and keep track of the entries in the various
log files found in /var/log. If you are not sure whether the service
you wish to run is acceptable (or for any Linux related questions
at NAU) contact ResNet.
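One way to carry out the two steps above, commenting out services in /etc/inetd.conf and putting the remaining ones behind TCP Wrappers, is sketched here as an added example that is not part of the original guide. The function names, the KEEP list, the .nau.edu client pattern, the /usr/sbin/tcpd path and the sample entries are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the ResNet guide. KEEP mirrors the "OK to run"
# inetd services in the policy table; ALLOW_FROM is an assumed client pattern.
KEEP="ftp telnet"
ALLOW_FROM=".nau.edu"

# Read inetd.conf on stdin; comment out every active entry not named in KEEP.
harden_inetd() {
    awk -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { print; next }   # blank line or comment
        ($1 in ok)           { print; next }   # service we intend to run
                             { print "#" $0 }  # everything else is disabled
    '
}

# List active services whose server program (field 6) is not tcpd;
# inetd starts these directly, without the tcpd access check.
unwrapped_services() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $6 !~ /\/tcpd$/      { print $1 }
    '
}

# Emit hosts.allow lines for the wrapped services (daemon name is field 7).
# Pair them with a single "ALL: ALL" line in /etc/hosts.deny.
hosts_allow_rules() {
    awk -v from="$ALLOW_FROM" '
        NF == 0 || $1 ~ /^#/ { next }
        $6 ~ /\/tcpd$/       { print $7 ": " from }
    '
}

# Constructed sample entries, not copied from a real system.
SAMPLE='# constructed inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
smtp    stream  tcp  nowait  root    /usr/sbin/tcpd        smtpd
bootps  dgram   udp  wait    root    /usr/sbin/bootpd      bootpd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd        in.fingerd'

HARDENED=$(printf '%s\n' "$SAMPLE" | harden_inetd)
printf '%s\n' "$HARDENED"
echo "not wrapped: $(printf '%s\n' "$HARDENED" | unwrapped_services)"
printf '%s\n' "$HARDENED" | hosts_allow_rules
```

Review the hardened output before replacing /etc/inetd.conf, then send inetd a HUP signal so it rereads the file.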
Once you think you have the TCP Wrappers set up and your machine
secure there are some programs you should use to check the security
on your system. The first is called chkexploit and it can be downloaded
from:
ftp://ftp.pangeia.com.br/pub/seg/pac/chkexploit.tar.gz
The second program is called chkdemonkit which evaluates the daemon
processes running on your system:
ftp://ftp.pangeia.com.br/pub/seg/pac/chkdemonkit-0.4.tar.gz